Digital rights management systems exist that control access to digital content. One or more access control policies can control, for example, which users may access particular units of content, when particular users may access particular content, from what devices particular users may access protected content, what particular users may do with that content (e.g., read, modify, copy, save, print), and whether particular users may be limited to accessing content having a watermark rendered over it (e.g., by physically printing a watermark when a document is printed, by applying a watermark on a display screen when a document is displayed, etc.) or not.
FIG. 1 is a block diagram of an illustrative prior art digital rights management (DRM) system 100 that includes a DRM policy server 102, an authoring device 106a, an access device 106b, and a content server 108. Numerous types of electronic content may be managed using the DRM system 100. Examples include word processing documents, formatted documents (e.g., PDF documents), spreadsheets, video files, audio files, image files, email messages, and/or other types of electronic content. Each type of content may be created and/or viewed by one or more particular types of application programs. An example of such a DRM system is described in, for example, U.S. Pat. No. 6,978,376, entitled “INFORMATION SECURITY ARCHITECTURE FOR ENCRYPTING DOCUMENTS FOR REMOTE ACCESS WHILE MAINTAINING ACCESS CONTROL,” filed on Dec. 15, 2000, which is incorporated herein by reference in its entirety.
The DRM scheme implemented by system 100 encrypts protected content to prevent unauthorized access. The DRM scheme further implements a scheme to ensure that only authorized users gain access to the information necessary to decrypt the protected content, and only in a manner that enables each user to access the content and perform the actions with that content that they are authorized to perform consistent with the access control policy for that content.
DRM policy server 102 performs several functions associated with the digital rights management of protected content. An encryption key is generated (e.g., by the DRM policy server, the authoring device or otherwise). The DRM policy server 102 maintains decryption keys for protected content (also referred to as content “registered” with the DRM system), authenticates requests for viewing registered content, and grants access to registered content by providing decryption keys and associated access policies to authorized users. The DRM policy server may maintain a secure central database which provides an association between registered users that created or authored the registered content, the registered content, decryption keys for the registered content, access policies for the registered content, and registered users authorized to access each unit of protected content.
Content server 108 may generate and/or store units of content that may be managed by the DRM system. Content server 108 may have one or more application programs to generate various types of content (e.g., an email exchange server application, a word processing application, an image generation application, etc.). Content on content server 108 may be created and/or modified in response to user actions on an authoring device (e.g., authoring device 106a). A software plugin (not shown) for the DRM system may be installed on the authoring device and may allow the selection of an option to protect a unit of content (e.g., a word processing document) when it is opened or created on the access device in response to a user's actions. The plugin can connect to the DRM policy server over a secure communication link (e.g., via an SSL connection), and the user can be authenticated by the DRM policy server through a user interface presented by the plugin. The DRM policy server may connect to one or more resources in a networked computer system (e.g., a directory service storing authentication information such as a user name and password), so that the user may be authenticated based upon information provided via the plugin user interface, to the DRM policy server.
Once authenticated, the DRM user interface allows the authenticated user to set a policy to protect the content. The user may select a pre-defined policy or create a new one. The policy may specify any of the control criteria discussed above (e.g., which user(s) may access the document, when the document may be accessed, from where the document may be accessed (e.g., only local network access), what actions may be performed with the document (e.g., printing, copying, modifying), whether a watermark should be applied to the document, etc.).
A unique identifier is created for the content (e.g., by applying a hashing algorithm to the content), in association with a request to register the content with the DRM policy server that is sent 122 by the authoring device 106a. In response, a content encryption key is generated. The content is encrypted using the content encryption key and sent 126 to the content server 108 where it is stored along with an unencrypted address for the DRM policy server 102. Optionally, an unencrypted unique identifier for the content may also be stored with the content. The DRM policy server 102 stores the policy and the content encryption key, and associates them with the content (e.g., via the unique identifier for the content) in any suitable way. The unique identifier and the unencrypted address of the DRM policy server may be embedded in the content (e.g., in an unencrypted portion of the content).
When a user attempts to access the protected content using an access device 106b, the encrypted content is transmitted 112 from the content server 108 to the access device 106b, along with the unencrypted address of the DRM policy server 102 and optionally also the unencrypted unique identifier for the content. Alternatively, the unique identifier for the content may not be transmitted, but rather may be regenerated by the access device (e.g., by applying a hashing algorithm to the content). The access device can then use the unencrypted address of the DRM policy server to request access to the protected content associated with the unique content identifier.
Access device 106b is a device through which a user may seek to access a protected unit of content. For example, if the content server 108 is a word processing server, a user may attempt to access a protected word processing document on the word processing server via an access device (e.g., a workstation). The protected unit of content may be transmitted 112 from the content server 108 to the access device 106b (e.g., via a network connection). As discussed above, the protected content is encrypted, so that the user utilizing the access device 106b cannot access it without authority granted by the access policy that is associated with the protected unit of content and is stored on the DRM policy server 102.
When a user on access device 106b seeks access to a protected content unit, the user can only gain access by retrieving the content key from the DRM policy server 102. If the access device 106b has a DRM plugin installed, the plugin issues a communication 114 to the DRM policy server 102 (e.g., using the address associated with the content) to request access to the protected unit of content. If no plugin is installed, information within the content may point the device to a server from which the DRM plugin may be installed. The DRM policy server 102 determines whether the user using the access device 106b is authorized to access the specified unit of content. If not, the access request is denied. If the user is authorized, the content decryption key is transmitted 116 from the DRM policy server 102 to the access device 106b. This content key may be encrypted using a communication session key for the transaction between the access device and the DRM policy server so as to keep it secure. The content key may be used to decrypt the unit of content so as to generate a decrypted unit of content which may be accessed by the user. However, the DRM policy server 102 further transmits 118 policy information to the access device, which dictates the actions the user may perform on the unit of content. The DRM software plugin installed on the access device enforces the policy.
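The registration and key-release decisions described above can be sketched as follows. This is an added example, not code from the described system: the class and field names, the choice of SHA-256 for the content identifier, and the numeric timestamps are assumptions, and content encryption and session-key wrapping of the key in transit are not modelled.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass
class Policy:                      # hypothetical policy record
    users: set                     # who may access the content
    actions: set                   # e.g. {"read", "print"}
    not_after: float               # access cutoff (epoch seconds)
    local_only: bool = False       # only local network access
    watermark: bool = False        # render a watermark on display/print

def content_id(blob: bytes) -> str:
    """Unique identifier derived by hashing the content (SHA-256 assumed)."""
    return hashlib.sha256(blob).hexdigest()

class PolicyServer:
    """Holds content keys and policies; releases a key only to authorized users."""
    def __init__(self):
        self._db = {}              # content id -> (content key, policy)

    def register(self, cid: str, policy: Policy) -> bytes:
        key = secrets.token_bytes(32)          # content encryption key
        self._db[cid] = (key, policy)
        return key                             # used to encrypt the content

    def request_access(self, user, cid, now, on_local_net):
        entry = self._db.get(cid)
        if entry is None:
            return None, "unregistered content"
        key, p = entry
        if user not in p.users:
            return None, "user not authorized"
        if now > p.not_after:
            return None, "access window closed"
        if p.local_only and not on_local_net:
            return None, "local network only"
        # Key plus policy information; the plugin on the access device
        # is what enforces the permitted actions and the watermark.
        return key, {"actions": sorted(p.actions), "watermark": p.watermark}

def demo():
    server = PolicyServer()
    blob = b"constructed sample document"      # constructed sample input
    cid = content_id(blob)
    pol = Policy({"alice"}, {"read", "print"}, not_after=2_000.0,
                 local_only=True, watermark=True)
    key = server.register(cid, pol)
    return server, cid, key
```

Every denial path returns no key at all, so the server-side check is the only point at which access can be refused; once the key and policy are released, restricting actions depends on the plugin running on the access device.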